DOVEADM-PW(1) Dovecot DOVEADM-PW(1)
NAME
doveadm-pw - Dovecot's password hash generator
SYNOPSIS
doveadm [-Dv] pw -l
doveadm [-Dv] pw [-p password] [-r rounds] [-s scheme] [-u user] [-V]
doveadm [-Dv] pw -t hash [-p password] [-u user]
DESCRIPTION
doveadm pw is used to generate password hashes for different password
schemes and optionally verify the generated hash.
All generated password hashes have a {scheme} prefix, for example
{SHA512-CRYPT.HEX}. All passdbs have a default scheme for passwords
stored without the {scheme} prefix. The default scheme can be overridden
by storing the password with the scheme prefix.
OPTIONS
Global doveadm(1) options:
-D Enables verbosity and debug messages.
-o setting=value
Overrides the configuration setting from /etc/dovecot/dovecot.conf
and from the userdb with the given value. In order to override
multiple settings, the -o option may be specified multiple times.
-v Enables verbosity, including progress counter.
Command specific options:
-l List all supported password schemes and exit successfully.
There are up to three optional password schemes: BLF-CRYPT
(Blowfish crypt), SHA256-CRYPT and SHA512-CRYPT. Their availability
depends on the system's currently used libc.
-p password
The plain text password for which the hash should be generated.
If no password is given, doveadm(1) will prompt interactively
for one.
-r rounds
The password schemes BLF-CRYPT, SHA256-CRYPT and SHA512-CRYPT
support a variable number of encryption rounds. The following
table shows the minimum/maximum number of encryption rounds per
scheme. When the -r option is omitted, the default number of
encryption rounds will be applied.
Scheme | Minimum | Maximum | Default
----------------------------------------------
BLF-CRYPT | 4 | 31 | 5
SHA256-CRYPT | 1000 | 999999999 | 5000
SHA512-CRYPT | 1000 | 999999999 | 5000
-s scheme
The password scheme which should be used to generate the hashed
password. By default the CRYPT scheme will be used (with the
$2y$ bcrypt format). It is also possible to append an encoding
suffix to the scheme. Supported encoding suffixes are: .b64,
.base64 and .hex.
See also http://wiki2.dovecot.org/Authentication/PasswordSchemes
for more details about password schemes.
-t hash
Test if the given password hash matches a given plain text password.
You should enclose the password hash in single quotes if
it contains one or more dollar signs ($). The plain text password
may be passed using the -p option. When no password is
specified, doveadm(1) will prompt interactively for one.
-u user
When the DIGEST-MD5 scheme is used, also the user name must be
given, because the user name is a part of the generated hash.
For more information about Digest-MD5 please read also:
http://wiki2.dovecot.org/Authentication/Mechanisms/DigestMD5
-V When this option is given, the hashed password will be internally
verified. The result of the verification will be shown
after the hashed password, enclosed in parentheses.
EXAMPLE
The first password hash is a DIGEST-MD5 hash for jane.roe@example.com.
The second password hash is a CRAM-MD5 hash for john.doe@example.com.
doveadm pw -s digest-md5 -u jane.roe@example.com
Enter new password:
Retype new password:
{DIGEST-MD5}9b9dcb4466233a9307bbc33708dffda0
doveadm pw
Enter new password:
Retype new password:
{CRAM-MD5}913331d8782236a8ecba7764a63aa27b26437fd40ca878d887f11d81245c2c6b
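The following Python script is an added example, not part of the Dovecot manual or Dovecot's code. It parses the {scheme} prefix and encoding suffix of stored hashes and checks the rounds value of crypt-style hashes against the -r table above; the function names, the "below default" policy and the sample hashes are assumptions constructed for illustration.

```python
import base64
import re

# (minimum, maximum, default) rounds per scheme, copied from the -r table above.
ROUNDS = {
    "BLF-CRYPT": (4, 31, 5),
    "SHA256-CRYPT": (1000, 999999999, 5000),
    "SHA512-CRYPT": (1000, 999999999, 5000),
}
PREFIX = re.compile(r"\{([A-Za-z0-9-]+)(?:\.(b64|base64|hex))?\}(.*)", re.I | re.S)
# Where each crypt(3) format keeps its rounds value.
ROUNDS_RE = {
    "BLF-CRYPT": re.compile(r"\$2[abxy]\$(\d\d)\$"),
    "SHA256-CRYPT": re.compile(r"\$5\$(?:rounds=(\d+)\$)?"),
    "SHA512-CRYPT": re.compile(r"\$6\$(?:rounds=(\d+)\$)?"),
}


def parse(stored):
    """Split '{SCHEME.encoding}data' into (scheme, data)."""
    m = PREFIX.fullmatch(stored.strip())
    if not m:
        raise ValueError("no {scheme} prefix: the passdb default scheme applies")
    scheme, enc, data = m.group(1).upper(), (m.group(2) or "").lower(), m.group(3)
    if scheme in ROUNDS and enc:  # crypt strings are text: undo the extra encoding
        raw = bytes.fromhex(data) if enc == "hex" else base64.b64decode(data)
        data = raw.decode("ascii")
    return scheme, data


def audit(stored):
    """Return (scheme, rounds, verdict) for one stored password hash."""
    scheme, data = parse(stored)
    if scheme not in ROUNDS:
        return scheme, None, "no rounds"
    m = ROUNDS_RE[scheme].match(data)
    if not m:
        raise ValueError("malformed %s string" % scheme)
    low, high, default = ROUNDS[scheme]
    rounds = int(m.group(1)) if m.group(1) else default
    if not low <= rounds <= high:
        return scheme, rounds, "out of range"
    # Assumed policy for this example: anything under the default is flagged.
    return scheme, rounds, "below default" if rounds < default else "ok"


if __name__ == "__main__":
    for line in ("{SHA512-CRYPT}$6$rounds=1000$saltsalt$CONSTRUCTED",  # constructed
                 "{BLF-CRYPT}$2y$12$CONSTRUCTEDCONSTRUCTED"):  # constructed
        print(audit(line))
```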
REPORTING BUGS
Report bugs, including doveconf -n output, to the Dovecot Mailing List
<dovecot@dovecot.org>. Information about reporting bugs is available
at: http://dovecot.org/bugreport.html
SEE ALSO
doveadm(1)
Dovecot v2.3 2015-06-05 DOVEADM-PW(1)